Using ElectronAshoori Grouphttp://electron.mit.edu/index.php/usingelectron/45
Tue, 26 Sep 2017 21:52:38 +0000Joomla! 1.5 - Open Source Content Managementen-gbSSH troubleshootinghttp://electron.mit.edu/index.php/usingelectron/45-ssh/60-ssh-troubleshooting
http://electron.mit.edu/index.php/usingelectron/45-ssh/60-ssh-troubleshootingThis article has some tips for making SSH painless, as well as instructions for when you see weird error messages.

By default, SSH does not forward graphical (X11) connections. This is due to some really obscure security concerns. If you want to run graphical programs, add "-X" to the ssh command line, ie.

ssh -X electron.mit.edu

This can be a little slow for complex software, especially off-campus. You can test that this has worked by running a small program, like "xclock".

Don't forget to use an ampersand at the end of the program name so it runs in the background -- otherwise you'll only be able to run one program at a time (ie., run "xclock &" rather than xclock.). However, if you forget the & you can "suspend" the program by hitting ^Z, then background it with the "bg" command.

If you like, you can change SSH to forward X11 by default; as root, edit /etc/ssh/ssh_config, and change the line that reads something like

# ForwardX11 no

to

ForwardX11 yes

Sometimes, when logging into another computer, you'll get a scary looking warning like:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@The RSA host key for snow has changed,and the key for the corresponding IP address 192.168.0.159is unknown. This could either mean thatDNS SPOOFING is happening or the IP address for the hostand its host key have changed at the same time.@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!Someone could be eavesdropping on you right now (man-in-the-middle attack)!It is also possible that the RSA host key has just been changed.The fingerprint for the RSA key sent by the remote host is97:ae:d2:2c:49:9d:0e:b9:dc:44:fe:48:5d:83:fb:14.Please contact your system administrator.Add correct host key in /home/odie/.ssh/known_hosts to get rid of this message.Offending key in /home/odie/.ssh/known_hosts:11

Or similar. Although this looks bad, all it probably means is that the IP address of the computer you're trying to log into has changed. Because we use DHCP, this can happen every time a computer reboots. To fix the problem, delete the appropriate lines out of the known_hosts files (in this case, line 11).

Alternatively, run

ssh-keygen -R my_hostname

ssh-keygen -R my_ip_address

where my_hostname and my_ip_address are replaced with the hostname and IP address from the message (snow, and 192.168.0.159 in this case).

If you want to understand what you just did (or just like doing things the hard way), you can see the details on the next page.

Setting up a private key

You'll only need to do this once. If you don't care to understand what's happening, and just want your key, try the abbreviated directions on the previous page.

Log in to a lab computer, and open up a terminal

Create a symlink to your electron home directory, if you haven't already. This will allow you to easily access your files on electron from this machine.

ln -s /mnt/electron_home/$USER electron_home

You'll want to repeat this command from each computer you use. Running

cd electron_home; ls

should now show you all your files on electron.

Set up a private key.

ssh-keygen

You will be prompted for a file to save the key in. Accept the default.

You will be prompted for a passphrase. If you enter one, you will need both the key file and the passphrase to log into electron. If you leave this blank, the file alone will be enough, and you can use ssh to move around the lab without typing your password. If you're not too paranoid, I recommend leaving this blank and keeping your key file safe. (If you want to get really fancy, you can use an ssh-agent to remember your password for you, so you only type it once when you first log in. This is probably the best solution, but more complicated to set up. See the agent tutorial, which doesn't exist yet, to see how.)

Copy your keys to electron.

cp -rip ~/.ssh ~/electron_home/.ssh

If this prompts you about overwriting anything, you probably already have a key. If you want to disable that key (because, for example, you've lost track of it), run rm ~/electron_home/.ssh/authorized_keys to disable it completely, and tell cp to overwrite the files.

Your .ssh directory on the lab machine can now be changed to simply point to your .ssh directory on electron, simplifying things if you ever change your key.

Be very careful about the next few lines; rm -r is dangerous. From the lab machine, not from electron, run

rm -r ~/.ssh; ln -s ~/electron_home/.ssh ~/.ssh

Repeat the test step above.

Copying your key around

Your private key file is the equivalent of a password. To log into electron from a machine, you'll need to copy it to that machine, or let it know where to find it. The way to do this is a little different for a Windows box, a computer that's always in lab, or a computer that is sometimes or always outside of lab.

Lab machines

Log in to a lab computer, and open up a terminal

Create a symlink to your electron home directory, if you haven't already. This will allow you to easily access your files on electron from this machine.

ln -s /mnt/electron_home/$USER electron_home

You'll want to repeat this command from each computer you use. Running

cd electron_home; ls

should now show you all your files on electron.

Set up the keys

Be very careful about the next few line; rm -r is dangeroous.

rm -r ~/.ssh; ln -s ~/electron_home/.ssh ~/.ssh

Other unix machine

You'll need to contrive to copy the file ~/.ssh/id_rsa to the machine. The easiest way is if the machine you want to allow to login to electron allows ssh logins itself. If the machine was named "boz.mit.edu", you could log into electron from inside of the lab, and run

scp ~/.ssh/id_rsa boz.mit.edu:.ssh

If the machine in question doesn't allow ssh logins, (for example, it's behind a firewall or a home router), you'll need to use a USB thumb drive or similar to copy it to the machine.

Windows machine, inside lab or portable

Using the windows networking, copy the file named id_rsa from the .ssh subdirectory of your home directory (you may need to enable "show hidden files" to see this directory) to your desktop.

Install putty, an SSH client for windows. You can find it at this web site I recommend using the windows installer, but if you don't, you'll need at leastputty and puttygen.

Run puttygen. The windows installer puts it in C:\Program Files\PuTTY\ by default.

Push the "Load" button. Set the file type to "All Files (*.*)", and select the id_rsa file you copied over earlier.

If you used a passphrase with your key, you'll have to type it now.

You should see a confirmation the file loaded ok. Press "Save private key". Give your key a descriptive name (like electron or username) and save it someplace easy to reach.

If you have a passphrase with your key, you might copy it into your "startup" folder. If you do this, you'll be prompted for your passphrase once when you log into windows, and it'll remember it for the rest of the session.